Almost every discussion had something to do with PCI — mostly negative, indicating that there’s gotta be a better way to achieve the spirit and intent of the PCI DSS.

Josh Corman presented a thoughtful and provocative talk called “Is PCI The No Child Left Behind For Infosec” — hilarious, unsettling, and even a bit maddening. He’s onto something, and I’ll be posting some more thoughts on this later. And Matt and I will be interviewing him in about two hours.

John Pironti, who has been a huge influence on me for over a decade, talked about the potential repercussions of the PCI Community not fixing these problems — right now, PCI is a contractual obligation with the card brands, but if data breaches keep happening, it could result in actual government regulation.

Rick Moy talked about the great analysis they did at NSS Labs about the failure of security vendors that enterprises rely on to prevent (and often detect/correct) sophisticated threats like the China/Google Aurora attack. We have a great interview with him, as well.